[Snyk] Upgrade react-native from 0.56.0 to 0.71.3

[snyk-bot]

Snyk has created this PR to upgrade react-native from 0.56.0 to 0.71.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 174 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-02-14.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-PLIST-2405644	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) npm:plist:20180219	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MERGE-1040469	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	No Known Exploit
	Prototype Pollution SNYK-JS-MERGE-1042987	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	No Known Exploit
	Prototype Pollution SNYK-JS-XMLDOM-3042242	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Denial of Service (DoS) npm:mem:20180117	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	XML External Entity (XXE) Injection SNYK-JS-XMLDOM-1084960	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	No Known Exploit
	Improper Input Validation SNYK-JS-XMLDOM-1534562	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	No Known Exploit
	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-2429795	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept
	Improper Input Validation SNYK-JS-XMLDOM-3092935	671/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: react-native

• 0.71.3 - 2023-02-14
  

  Changed

  • Bump package versions (4b84888a90 by @ cipolleschi), (60f0a71060 by @ cipolleschi), (a3f205a27b by @ cipolleschi):
    • react-native-codegen to 0.71.5
    • react-native-gradle-plugin to 0.71.15

  Fixed

  • (codegen) Add missing C++ include for prop conversion of complex array type (92fc32aa by @ rshest)

  Android specific

  • Fixed jscexecutor crash on Android which is caused from NDK incompatibility (a232decbb1 by @ Kudo)
  • Used relative paths for gradle commands (bb02ccf13f by @ shivenmian)

  iOS specific

  • fix pod install --project-directory=... (ad1ddc241a by @ tido64)

  ---

  You can participate in the conversation on the status of this release in this discussion.

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.71.2 - 2023-02-01
  

  Added

  • Added AlertOptions argument to the type definition for Alert.prompt to bring it into parity with the js code. (305ca337c0 by @ paulmand3l)
  • Added missing accessibilityLabelledBy TypeScript type (e162b07982 by @ DimitarNestorov)
  • Added missing accessibilityLanguage TypeScript type (71c4f57baf by @ DimitarNestorov)

  Changed

  • Bump react-native-gradle-plugin to ^0.71.14 in core, @ react-native-community/eslint-config to ^3.2.0 in starting template (785bc8d97b by @ kelset)

  Fixed

  • Add TextInput's inputMode TypeScript types (fac7859863 by @ eps1lon)
  • Fix crash by conditional value of aspectRatio style value (a8166bd75b by @ mym0404)
  • Fix TurboModuleRegistry TS type (c289442848 by @ janicduplessis)
  • Fix invariant violation when nesting VirtualizedList inside ListEmptyComponent (1fef376812 by @ NickGerleman)

  Android specific

  • [RNGP] Properly set the jsRootDir default value (c0004092f9 by @ cortinico)
  • Do not use WindowInsetsCompat for Keyboard Events (32f54877ff by @ NickGerleman)
  • Mitigation for Samsung TextInput Hangs (4650ef3 by @ NickGerleman)

  iOS specific

  • Add Back dynamic framework support for the Old Architecture with Hermes (b3040ec624 by @ cipolleschi)
  • Add Back dynamic framework support for the old architecture (da270d038c by @ cipolleschi)

  ---

  You can participate in the conversation on the status of this release in this discussion.

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.71.1 - 2023-01-19
  

  Added

  Android specific

  • Add jsinspector to the prefab target (a80cf96fc8 by @ Kudo)

  iOS specific

  • Add initialProps property to RCTAppDelegate (b314e6f147 by @ jblarriviere)

  Changed

  • Bump CLI to 10.1.3 (b868970037 by @ kelset)
  • Bump RNGP to 0.71.13 (416463c406 by @ cipolleschi)

  Fixed

  • Fix(cli,metro,babel): bump cli and metro and babel to fix Windows+Metro issue (df7c92ff4c by @ kelset)

  Android specific

  • Fix ReactRootView crash when root view window insets are null (4cdc2c48e8 by @ enahum)
  • Fix for resources not correctly bundlded on release appbundles (60b9d8c2b9 by @ cortinico)
  • RNGP - Honor the --active-arch-only when configuring the NDK (470f79b617 by @ cortinico)
  • Fixed typo in template build.gradle (38e35df47c by @ Titozzz)

  iOS specific

  • Exclude react-native-flipper when NO_FLIPPER=1 to prevent iOS build fail (f47b5b8b5d by @ retyui)
  • Fix RCTAlertController not showing when using SceneDelegate on iOS 13.0+. (0c53420a7a)
  • Handle Null Exception to Validate input in RCTAlertController and in RCTDevLoadingView (79e603c5ab by @ admirsaheta)
  • Fixed the potential race condition when dismissing and presentating modal (e948c79bda by @ wood1986)
  • Fix build errors when inheriting RCTAppDelegate in Swift modules (5eb25d2186 by @ Kudo)
  • OnSelectionChange() is fired before onChange() on multiline TextInput (64475aeb3b by @ s77rt)
  • Build: remove deprecated File.exists() method from Hermes podspec. (38e5fa6a96 by @ kelset)

  ---

  You can participate in the conversation on the status of this release in this discussion

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.71.0 - 2023-01-12
  

  0.71 stable is out!
  This release includes over 1000 commits from 70+ contributors! Thank you to all our contributors new and old!

  See the highlights of the release in our release blog post.

  ---

  ⚠️ Git Bash users on Windows might experience "Unable to resolve" red boxes, because of an issue with Metro (silently fails without discovering any files). It will be fixed in 0.71.1 next week, in the meantime you can set resolver.useWatchman: false in metro.config.js.

  ---

  You can participate in the conversation on the status of this release in this discussion

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.71.0-rc.6 - 2023-01-09
• 0.71.0-rc.5 - 2022-12-19
• 0.71.0-rc.4 - 2022-12-14
• 0.71.0-rc.3 - 2022-11-30
• 0.71.0-rc.2 - 2022-11-24
• 0.71.0-rc.1 - 2022-11-23
• 0.71.0-rc.0 - 2022-11-04
• 0.70.7 - 2023-01-31
  

  Fixes

  Android Specific

  • Mitigation for Samsung TextInput Hangs (be69c8b5a7 by @ NickGerleman)

  iOS Specific

  • Fix the potential race condition when dismissing and presenting modal (279fb52e03 by @ wood1986)

  Added

  Android

  • Add POST_NOTIFICATIONS and deprecate POST_NOTIFICATION (b5280bbc93 by @ dcangulo)

  ---

  You can participate in the conversation on the status of this release in this discussion

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.70.6 - 2022-11-15
• 0.70.5 - 2022-11-06
• 0.70.4 - 2022-10-25
• 0.70.3 - 2022-10-12
• 0.70.2 - 2022-10-04
• 0.70.1 - 2022-09-15
• 0.70.0 - 2022-09-05
• 0.70.0-rc.4 - 2022-08-22
• 0.70.0-rc.3 - 2022-08-15
• 0.70.0-rc.2 - 2022-08-04
• 0.70.0-rc.1 - 2022-07-28
• 0.70.0-rc.0 - 2022-07-15
• 0.69.8 - 2023-01-30
  

  This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

  Please let us know in the issue if this new version addresses the problem for you.

  ---

  You can participate in the conversation on the status of this release in this discussion.

  ---

  To help you upgrade to this version, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.69.7 - 2022-11-06
• 0.69.6 - 2022-09-27
• 0.69.5 - 2022-08-25
• 0.69.4 - 2022-08-08
• 0.69.3 - 2022-07-25
• 0.69.2 - 2022-07-20
• 0.69.1 - 2022-06-29
• 0.69.0 - 2022-06-22
• 0.69.0-rc.6 - 2022-06-01
• 0.69.0-rc.5 - 2022-05-31
• 0.69.0-rc.4 - 2022-05-31
• 0.69.0-rc.3 - 2022-05-24
• 0.69.0-rc.2 - 2022-05-20
• 0.69.0-rc.1 - 2022-05-11
• 0.69.0-rc.0 - 2022-04-28
• 0.68.6 - 2023-01-30
  

  🚨 IMPORTANT: This is an exceptional release on an unsupported version. We recommend you upgrade to one of the supported versions, listed here.

  Hotfix

  This version is a patch release with a mitigation solution for the Android issue on Samsung devices.

  Please let us know in the issue if this new version addresses the problem for you.

  ---

  To help you upgrade to new versions, you can use the upgrade helper ⚛️

  ---

  You can find the whole changelog history in the changelog.md file.

• 0.68.5 - 2022-11-06
• 0.68.4 - 2022-10-10
• 0.68.3 - 2022-08-08
• 0.68.2 - 2022-05-09
• 0.68.1 - 2022-04-13
• 0.68.0 - 2022-03-30
• 0.68.0-rc.4 - 2022-03-25
• 0.68.0-rc.3 - 2022-03-17
• 0.68.0-rc.2 - 2022-02-24
• 0.68.0-rc.1 - 2022-02-03
• 0.68.0-rc.0 - 2022-01-28
• 0.67.5 - 2022-11-06
• 0.67.4 - 2022-03-18
• 0.67.3 - 2022-02-22
• 0.67.2 - 2022-01-31
• 0.67.1 - 2022-01-20
• 0.67.0 - 2022-01-18
• 0.67.0-rc.6 - 2021-12-14
• 0.67.0-rc.5 - 2021-12-06
• 0.67.0-rc.4 - 2021-11-30
• 0.67.0-rc.3 - 2021-11-05
• 0.67.0-rc.2 - 2021-10-25
• 0.67.0-rc.1 - 2021-10-22
• 0.67.0-rc.0 - 2021-10-16
• 0.66.5 - 2022-11-06
• 0.66.4 - 2021-12-09
• 0.66.3 - 2021-11-10
• 0.66.2 - 2021-11-04
• 0.66.1 - 2021-10-15
• 0.66.0 - 2021-10-01
• 0.66.0-rc.4 - 2021-09-24
• 0.66.0-rc.3 - 2021-09-17
• 0.66.0-rc.2 - 2021-09-10
• 0.66.0-rc.1 - 2021-09-01
• 0.66.0-rc.0 - 2021-08-27
• 0.65.3 - 2022-11-06
• 0.65.2 - 2021-11-04
• 0.65.1 - 2021-08-19
• 0.65.0 - 2021-08-17
• 0.65.0-rc.4 - 2021-08-11
• 0.65.0-rc.3 - 2021-07-23
• 0.65.0-rc.2 - 2021-06-18
• 0.65.0-rc.1 - 2021-06-17
• 0.65.0-rc.0 - 2021-06-09
• 0.64.4 - 2022-11-07
• 0.64.3 - 2021-11-04
• 0.64.2 - 2021-06-03
• 0.64.1 - 2021-05-05
• 0.64.0 - 2021-03-12
• 0.64.0-rc.4 - 2021-03-01
• 0.64.0-rc.3 - 2021-02-05
• 0.64.0-rc.2 - 2020-12-18
• 0.64.0-rc.1 - 2020-11-25
• 0.64.0-rc.0 - 2020-11-23
• 0.63.5 - 2022-11-07
• 0.63.4 - 2020-11-30
• 0.63.3 - 2020-09-29
• 0.63.2 - 2020-07-22
• 0.63.1 - 2020-07-14
• 0.63.0 - 2020-07-08
• 0.63.0-rc.1 - 2020-05-04
• 0.63.0-rc.0 - 2020-04-16
• 0.62.3 - 2021-05-05
• 0.62.2 - 2020-04-08
• 0.62.1 - 2020-04-03
• 0.62.0 - 2020-03-26
• 0.62.0-rc.5 - 2020-03-07
• 0.62.0-rc.4 - 2020-03-06
• 0.62.0-rc.3 - 2020-02-25
• 0.62.0-rc.2 - 2020-02-13
• 0.62.0-rc.1 - 2020-01-21
• 0.62.0-rc.0 - 2019-12-18
• 0.61.5 - 2019-11-23
• 0.61.4 - 2019-11-04
• 0.61.3 - 2019-10-29
• 0.61.2 - 2019-10-02
• 0.61.1 - 2019-09-25
• 0.61.0 - 2019-09-24
• 0.61.0-rc.3 - 2019-09-10
• 0.61.0-rc.2 - 2019-09-04
• 0.61.0-rc.0 - 2019-08-27
• 0.60.6 - 2019-09-24
• 0.60.5 - 2019-08-13
• 0.60.4 - 2019-07-18
• 0.60.3 - 2019-07-11
• 0.60.2 - 2019-07-11
• 0.60.1 - 2019-07-11
• 0.60.0 - 2019-07-03
• 0.60.0-rc.3 - 2019-06-28
• 0.60.0-rc.2 - 2019-06-20
• 0.60.0-rc.1 - 2019-06-10
• 0.60.0-rc.0 - 2019-05-30
• 0.59.10 - 2019-07-02
• 0.59.9 - 2019-06-05
• 0.59.8 - 2019-05-08
• 0.59.7 - 2019-05-08
• 0.59.6 - 2019-04-18
• 0.59.5 - 2019-04-17
• 0.59.4 - 2019-04-08
• 0.59.3 - 2019-04-01
• 0.59.2 - 2019-03-25
• 0.59.1 - 2019-03-14
• 0.59.0 - 2019-03-12
• 0.59.0-rc.3 - 2019-02-27
• 0.59.0-rc.2 - 2019-02-18
• 0.59.0-rc.1 - 2019-02-15
• 0.59.0-rc.0 - 2019-02-13
• 0.58.6 - 2019-02-28
• 0.58.5 - 2019-02-19
• 0.58.4 - 2019-02-06
• 0.58.3 - 2019-01-28
• 0.58.2 - 2019-01-28
• 0.58.1 - 2019-01-25
• 0.58.0 - 2019-01-24
• 0.58.0-rc.3 - 2019-01-17
• 0.58.0-rc.2 - 2018-12-18
• 0.58.0-rc.1 - 2018-12-06
• 0.58.0-rc.0 - 2018-11-22
• 0.57.8 - 2018-12-13
• 0.57.7 - 2018-11-27
• 0.57.6 - 2018-11-26
• 0.57.5 - 2018-11-13
• 0.57.4 - 2018-10-25
• 0.57.3 - 2018-10-12
• 0.57.2 - 2018-10-04
• 0.57.1 - 2018-09-21
• 0.57.0 - 2018-09-12
• 0.57.0-rc.4 - 2018-09-06
• 0.57.0-rc.3 - 2018-08-24
• 0.57.0-rc.2 - 2018-08-22
• 0.57.0-rc.1 - 2018-08-22
• 0.57.0-rc.0 - 2018-08-16
• 0.56.1 - 2018-09-10
• 0.56.0 - 2018-07-04

from react-native GitHub release notes

Commit messages

Package name: react-native

• d9321c0 [0.71.3] Bump version numbers
• a3f205a [LOCAL] Bump codegen package
• 4b84888 [LOCAL] Bump package versions
• 60f0a71 [ci][monorepo] bump package versions
• e9460f2 [LOCAL] Update podfile.lock
• ad1ddc2 fix(ios): fix `pod install --project-directory=...` (#36096)
• 374d874 update jsc-android to ndk r23 based (#36062)
• fbe9e2e RNGP - fix: use relative paths for gradle exec invocations (#36080)
• 92fc32a Add missing C++ include for prop conversion of complex array type (#35984)
• 66a47e1 [0.71.2] Bump version numbers
• 712efaf [LOCAL] remove too strict version controls
• 0b440d5 [LOCAL] we have patch versions after the .0
• 785bc8d [LOCAL] bump packages to latest available for 0.71
• 9aa9ee7 [ci][monorepo] bump package versions
• 77936fa fix(publishing-bumped-packages): look for status code instaead of stderr (#36004)
• 76ca8e2 RNGP - Properly set the `jsRootDir` default value (#35992)
• 5f536be Restore Dynamic framework with Hermes in the Old Architecture
• 4d3e7f8 Restore Dynamic framework with JSC in the Old Architecture
• 1a92cdb Add Tests in CircleCI to check dynamic frameworks with the old arch (#36003)
• 88196cd fix: use properly exclude parameter of matrix (#35794)
• 8329cfa Add `TextInput`'s `inputMode` TypeScript types (#35987)
• 4650ef3 Mitigation for Samsung TextInput Hangs (#35967)
• 1f9926f Fix crash by conditional value of aspectRatio style value (#35858) (#35859)
• c4a995d Adding AlertOptions to ts Alert.prompt function (#35957)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs